From 57e8d1c6ff58bc58d50d0b1d501820f55a6f2837 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Thu, 21 Jul 2016 09:42:01 +0200
Subject: [PATCH] prevent search for RADIUS proxy servers by secret

radiusproxy-find should not allow search by proxy secret even for privileged
users so we should hide it from CLI.

https://fedorahosted.org/freeipa/ticket/6078

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/plugins/radiusproxy.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ipaserver/plugins/radiusproxy.py b/ipaserver/plugins/radiusproxy.py
index 5657e002c1ce66335b7697b98f95a49207c61d87..3391b8aed77205fb1a586d5472d8cfdbc9fd1cd5 100644
--- a/ipaserver/plugins/radiusproxy.py
+++ b/ipaserver/plugins/radiusproxy.py
@@ -169,6 +169,14 @@ class radiusproxy_find(LDAPSearch):
         '%(count)d RADIUS proxy server matched', '%(count)d RADIUS proxy servers matched', 0
     )
 
+    def get_options(self):
+        for option in super(radiusproxy_find, self).get_options():
+            if option.name == 'ipatokenradiussecret':
+                option = option.clone(flags={'no_option'})
+
+            yield option
+
+
 @register()
 class radiusproxy_show(LDAPRetrieve):
     __doc__ = _('Display information about a RADIUS proxy server.')
-- 
2.7.4